Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/M2XenMFsJmwCt8LKFbjR0vCmf7s.roa
File:                     M2XenMFsJmwCt8LKFbjR0vCmf7s.roa (raw, json)
Hash identifier:          sxZHMj2pXBLQAhyxxC7iLRxGTiHa1Y1yN+ZD0WzJ+tI=
Subject key identifier:   33:65:DE:9C:C1:6C:26:6C:02:B7:C2:CA:15:B8:D1:D2:F0:A6:7F:BB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222440426081CC746476C7A3D68AFD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/M2XenMFsJmwCt8LKFbjR0vCmf7s.roa
Signing time:             Thu 02 Jan 2025 03:49:42 +0000
ROA not before:           Thu 02 Jan 2025 03:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207079
IP address blocks:        2a0e:b107:17f0::/44 maxlen: 48
                          2a0e:b107:1ed0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:24:40:42:60:81:cc:74:64:76:c7:a3:d6:8a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3365de9cc16c266c02b7c2ca15b8d1d2f0a67fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ef:e0:92:89:ad:1e:52:f6:96:87:8e:28:0d:
                    53:ea:ec:66:a8:fe:e5:5b:a3:a1:d6:5d:21:e3:ed:
                    ee:a2:15:48:b8:76:89:93:45:b7:eb:13:d8:8e:54:
                    b3:77:30:cb:85:63:b6:b0:10:84:93:e9:31:9d:cd:
                    f7:f4:ae:ab:1c:1c:00:f7:d1:7d:25:73:d0:56:e7:
                    be:be:4b:f5:7f:6b:f1:e7:b7:b8:6d:3e:57:33:9a:
                    53:2b:49:0e:a9:ee:5b:df:07:ce:c0:3e:71:63:7f:
                    c7:6f:f7:da:8f:88:33:0b:6a:53:eb:13:67:72:ce:
                    57:66:cb:19:b7:04:fe:3e:89:4d:ec:a2:42:50:89:
                    e3:18:7e:84:b0:94:39:14:4c:ed:7b:46:82:7f:1e:
                    78:44:7c:ce:ba:31:4a:27:0f:fb:e8:2a:c2:f4:89:
                    2d:b4:3c:c1:6a:85:aa:99:a2:cc:79:e7:4e:62:44:
                    05:3f:28:1c:38:ed:44:89:57:2f:31:03:49:75:9b:
                    0e:ec:74:91:f6:1a:1e:a1:78:c2:48:83:c1:72:58:
                    20:f6:75:4a:b4:35:55:1e:c4:35:2c:fc:f6:76:69:
                    a3:51:62:4d:dc:55:36:07:6c:eb:16:0a:7b:4a:52:
                    a7:43:34:64:6a:7e:17:07:53:71:e5:9c:7e:eb:f8:
                    1d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:65:DE:9C:C1:6C:26:6C:02:B7:C2:CA:15:B8:D1:D2:F0:A6:7F:BB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/M2XenMFsJmwCt8LKFbjR0vCmf7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:17f0::/44
                  2a0e:b107:1ed0::/44

    Signature Algorithm: sha256WithRSAEncryption
         48:b7:49:24:d7:8d:64:0d:3c:38:08:c8:4f:c2:b8:5b:3d:5e:
         3f:cf:b3:16:6f:d8:79:56:0e:4d:22:e6:a0:95:05:b8:4c:0a:
         78:94:36:4a:1a:90:26:2b:bc:3e:42:17:51:ac:7a:8f:5c:1d:
         6f:9a:01:48:ab:8e:2b:ad:ed:0f:2c:0b:f3:cf:38:f5:68:69:
         68:8a:6e:10:53:84:fd:82:e9:82:20:bc:fe:82:a6:6d:69:7e:
         c5:39:c9:96:a7:b9:aa:b1:23:a2:7d:23:56:46:39:24:65:03:
         dd:fd:0a:9f:6c:f6:27:53:9d:56:25:d8:21:6d:54:9f:59:6c:
         b9:c3:d8:4a:04:53:91:6c:9e:65:3f:a5:c9:01:cc:25:a7:f5:
         06:c7:e6:50:c2:a8:20:29:a4:83:24:8a:13:2b:8c:8b:85:94:
         29:ed:01:92:28:80:00:a3:d8:98:97:dc:be:53:57:df:34:b8:
         dd:50:85:5b:f4:48:72:08:25:1c:d2:60:dc:c9:bf:6c:fe:8d:
         c4:5f:a2:c8:48:e0:58:97:bc:43:25:48:40:96:0b:61:65:66:
         5d:c9:a2:88:5e:de:f9:b7:9e:b4:b5:cd:ed:45:3b:9d:21:de:
         21:98:bc:80:0a:6d:dd:9f:ed:5e:a6:2c:43:61:ed:c2:77:ec:
         1a:76:01:a8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIiRAQmCBzHRkdsej1or9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzY1ZGU5Y2MxNmMyNjZjMDJiN2MyY2ExNWI4ZDFkMmYwYTY3ZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+/gkomtHlL2loeOKA1T6uxmqP7l
W6Oh1l0h4+3uohVIuHaJk0W36xPYjlSzdzDLhWO2sBCEk+kxnc339K6rHBwA99F9
JXPQVue+vkv1f2vx57e4bT5XM5pTK0kOqe5b3wfOwD5xY3/Hb/faj4gzC2pT6xNn
cs5XZssZtwT+PolN7KJCUInjGH6EsJQ5FEzte0aCfx54RHzOujFKJw/76CrC9Ikt
tDzBaoWqmaLMeedOYkQFPygcOO1EiVcvMQNJdZsO7HSR9hoeoXjCSIPBclgg9nVK
tDVVHsQ1LPz2dmmjUWJN3FU2B2zrFgp7SlKnQzRkan4XB1Nx5Zx+6/gdzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDNl3pzBbCZsArfCyhW40dLwpn+7MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTTJYZW5NRnNKbXdDdDhMS0ZialIwdkNtZjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBxfw
AwcEKg6xBx7QMA0GCSqGSIb3DQEBCwUAA4IBAQBIt0kk141kDTw4CMhPwrhbPV4/
z7MWb9h5Vg5NIuaglQW4TAp4lDZKGpAmK7w+QhdRrHqPXB1vmgFIq44rre0PLAvz
zzj1aGloim4QU4T9gumCILz+gqZtaX7FOcmWp7mqsSOifSNWRjkkZQPd/QqfbPYn
U51WJdghbVSfWWy5w9hKBFORbJ5lP6XJAcwlp/UGx+ZQwqggKaSDJIoTK4yLhZQp
7QGSKIAAo9iYl9y+U1ffNLjdUIVb9EhyCCUc0mDcyb9s/o3EX6LISOBYl7xDJUhA
lgthZWZdyaKIXt75t560tc3tRTudId4hmLyACm3dn+1epixDYe3Cd+wadgGo
-----END CERTIFICATE-----